vxunderground | Unsorted

Telegram channel vxunderground - vx-underground

14367

The largest collection of malware source, samples, and papers on the internet.
Password: infected
Website: https://www.vx-underground.org/
vx-underground Telegram chatroom link: https://t.me/+njfLzUrqos01ZWNh

vx-underground

When we find the guy who did the documentation for IActiveScript and IActiveScriptParse64 on MSDN

vx-underground

As reference: we expressed extreme skepticism with Lockbit ransomware group's claims. We suspected the affiliate (who probably doesn't know English) saw a document that said "United States Federal Reserve" and thought it was that.

https://x.com/vxunderground/status/1805214817625530613

vx-underground

Never call Bradley – 'Brad'. Might as well spit in his face. -1/10 social engineering attempt.

vx-underground

> check tg
> check dms
> get message from someone saying theyre owner of vx-underground (wtf thats me)
> me tells me im the new ceo (wtf)
> me tells me to check my email

Weird social engineering attempt

vx-underground

June 11th a Microsoft engineer accidentally leaked 4GB of Microsoft PlayReady internal code. It was leaked on the Microsoft Developer Community. The leak includes:

- WarBird configurations
- WarBird libraries for code obfuscation functionality
- Libraries with symbolic information related to PlayReady

Researchers from AG Security Research Lab were able to successfully build the Windows PlayReady dll library from the leaked code. Interestingly, they were assisted because on the Microsoft Developer Community forum a user also provided step-by-step instructions on how to begin the build process.

Also, interestingly, the Microsoft Symbol Server doesn't block requests for PDB files corresponding to Microsoft WarBird libraries, which inadvertently leaks more information.

Adam Gowdiak of AG Security Research Lab reported the issue and Microsoft removed the forum post. However, as of this writing, the download link is still active.

File listing is below. Forum screenshots are attached. All information discovered by AG Security Research Lab.

File listing: https://pastebin.com/raw/i65qfd2z

vx-underground

Apologies – was testing something on Telegram. I'm sorry if that sent out a broadcast message.

vx-underground

Today, Julian Assange made a plea deal with the US government. Assange will plead guilty to a felony charge for his role in a major breach of classified material, receiving a 62-month sentence already served, allowing him to return to Australia. Note: The plea deal must be approved by a federal judge.

vx-underground

We missed the date on this. This is a few years old (we're confused and scared)

vx-underground

You can now have ARM and x64 in the same process. Thank you, Microsoft. You continue to introduce new ways for us to explore malware capabilities.

https://learn.microsoft.com/en-us/windows/arm/arm64ec

vx-underground

Yesterday Lockbit ransomware group claimed to have ransomed the United States Federal Reserve.

1. Doubt

2. If Lockbit ransomware group actually ransomed the United States Federal Reserve it would be DEFCON 2 and the administrators would need to worry about a drone strike

vx-underground

Damn, Mark Cuban got the hookup. Sundar Pichai got the squad on it ASAP

vx-underground

CDK Global outage officially attributed to BlackSuit ransomware group.

That's interesting.

More information: https://www.bleepingcomputer.com/news/security/cdk-global-outage-caused-by-blacksuit-ransomware-attack/

vx-underground

Greets

We're still watching the CDK Global situation – some CDK Global customers submitted precautionary SEC 8-K forms. ZachXBT and other cryptocurrency nerds are discussing the theft of $54,000,000 from BtcTurk.

Please, no more chaos. We're busy this weekend 🙏

vx-underground

Correction: the files submitted also contain the string "This content is no longer available.".

However, the file extension being changed to .rar, .mp4, etc. results in a false positive and gets flagged as spyware (???)

Shoutout to Coin for spotting this.

vx-underground

Companies when they discover cybersecurity isn't a buzzword, they've become a victim of ransomware, and it's causing damage on an international scale

vx-underground

In the past 30 days vx-underground has had 59,000 unique visitors, served 5,590,000 requests, and delivered 408TB of malware.

It cost you $0 because we have cool sponsors and cool monthly supporters.

vx-underground

Today Lockbit ransomware group's 'timer' on the 'Federal Reserve' hit zero. They did not ransom the Federal Reserve as we expected – they ransomed Evolve Bank & Trust.

We also assume the data is not critical because the facility is still operational.

vx-underground

bro thinks im mark cuban wtf

vx-underground

Today BianLian ransomware group claimed to have ransomed the Better Business Bureau

🧐🧐🧐🧐🧐

vx-underground

No major updates, news, or memes. Right now we're very busy (that's a lie, we're just being lazy)

vx-underground

Crazy to think Julian Assange got freed before GTA VI or Elder Scrolls VI

vx-underground

Facebook is flooded with actual garbage AI bait posts. We don't understand how these images are so popular (and believed to be real)

vx-underground

If you like embedded security, ICS security, automotive security, etc. you can go to RST CON

RST CON is being held this year in Savannah, Georgia, USA September 13th - September 15th

Get 10% off tickets with code vxunderground

*we're not getting paid for this, just a discount

vx-underground

Unless Lockbit ransomware group ransomed something small in the Federal Reserve, like maybe Lockbit took down their coffee machine and they can't watch anime or something (we don't know what the staff at the Federal Reserve actually do)

vx-underground

We hope everyone has had a good week and weekend.

We'll see all of you tomorrow.

vx-underground

Social engineering is alive and well

vx-underground

> wake up
> check e-mail
> asked to sponsor cybersecurity conference

We love you for thinking about us. But you're basically asking a homeless person for $10,000+. It could be the other way around, we should be asking you to sponsor us.

vx-underground

Ransomware operators celebrating another healthcare facility being ransomed (they said it's the hospital's fault, not theirs)

vx-underground

rari_teh and Skejeton found an ultra rare false-positive

Creating a file with the string "This content is no longer available." is flagged by Windows Defender. It's a SHA256 collision with an actual malware sample.

The probability of a SHA256 collision is 4.3*10^60.

There is a higher probability of an asteroid crashing into the planet and causing a mass extinction.

vx-underground

Note: he doesn't know us, we don't know him or his team. Our website is sketchy to non-malware people.

We don't see this as insulting. But, it's funny seeing him say this for liability's sake – he doesn't want one of his followers detonating ransomware and then blaming him 😂😂
